Re: [Tails-dev] [review][website] #9356 warn about char enco…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [review][website] #9356 warn about char encoding on OpenPGP
sajolida:
> intrigeri:
>> sajolida wrote (09 Jun 2015 14:57:28 GMT) :
>>> Ok, so your hypothesis is that there shouldn't be problems if exchanging
>>> emails between two operating system or applications that default to
>>> UTF-8. Did I understand correctly?
>>
>> That's right, this was my hypothesis. But dkg later explained that it
>> still might cause security problems, even if in the ideal
>> (non-adversarial) case, the text renders just fine.
>>
>>> If we think this issue is "dangerous" or that PGP/inline should
>>> disappear from the cyberspace, then we might be better off stopping
>>> recommending Tails OpenPGP APllet as an option in the first place.
>>
>> It is apparently a bit dangerous, but for many people it's the only
>> workable option so far, so I'm not in favour of removing it. I mean,
>> we allow sending passwords over plaintext HTTP connections, even if
>> that's dangerous.
>
> I'm fine with keep it. Note that the difference here is that we don't
> provide specific tools or have documentation pages about sending your
> passwords over HTTP in plaintext :)


I merged the new branch submitted by emmapeel, see d87599e...cff5746.
I'm not excessively convinced by the content as already stated in this
thread but the structure and the form are good. So that's a closed case
for me.

--
sajolida